Tag: Gauss

Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. Since then, we have reported on many other advanced malware platforms. Looking back at the discovery of Flame, here are some lessons we learned. Read Full Article

The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. It is probably one of the most sophisticated cyber attack groups in the world. Read Full Article

Yesterday, Jens atom Steube, which most people know as the author of hashcat – a GPU accelerated password recovery tool, released his Gauss cracker as open source software under a GPL license Read Full Article

Several days ago, our colleagues from Symantec published an analysis of a new destructive malware reported in the Middle East. Dubbed Narilam, the malware appears to be designed to corrupt databases. The database structure naming indicates that targets are probably in Iran. Read Full Article

In April 2012, several stories were published about a mysterious malware attack shutting down computer systems at businesses throughout Iran. Several articles mentioned that a virus named Wiper was responsible. Yet, no samples were available from these attacks, causing many… Read Full Article

There are many remaining mysteries in the Gauss and Flame stories. For instance, how do people get infected with the malware? Or, what is the purpose of the uniquely named Palida Narrow font that Gauss installs?
Perhaps the most interesting mystery is Gauss's encrypted warhead. Gauss contains a module named UsbDisk that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload. Read Full Article

After the publication of our whitepaper about the Gauss cyber-attack, we have been asked if there is an easy way for users to check their system for infection. Of course, the most reliable way is to download and install our antivirus solution, but if someone needs to double-check or for some reason cannot download the full antivirus package, we offer a quick and easy way to check for the presence of a Gauss component. Read Full Article

Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga. It was probably created in mid-2011 and deployed for the first time in August-September 2011. Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame, which is part of a sustained effort to mitigate the risk posed by cyber-weapons. Read Full Article
